Archive for the ‘Network’ Category

iSecPartners – Auditing high-value applications cheat-sheet

July 22, 2014

iSecPartners has released on GitHub a “cheat-sheet” for auditing high-value applications. It’s well worth a read.

This list is intended to be a list of additional or more technical things to look for when auditing extremely high value applications. The applications may involve operational security for involved actors (such as law enforcement research), extremely valuable transactions (such as a Stock Trading Application), societal issues that could open users to physical harassment (such as a Gay Dating Application), or technologies designed to be used by journalists operating inside repressive countries.

It is an advanced list – meaning entry level issues such as application logic bypasses, common web vulnerabilities such as XSS and SQLi, or lower level vulnerabilities such as memory corruption are explicitly not covered. It is assumed that the reader is aware of these and similar vulnerabilities and is well trained in their search, exploitation, and remediation.

A good example of the type of analysis to strive for can be shown in Jacob Appelbaum’s analysis of UltraSurf:


Graphical Network Simulator

January 10, 2014

GNS3 (Graphical Network Simulator) is an awesome, awesome open-source project:

What is GNS3 ?

GNS3 is open-source software that simulates complex networks while being as close as possible to the way real networks perform. All of this without having dedicated network hardware such as routers and switches.

Our software provides an intuitive graphical user interface to design and configure virtual networks; it runs on traditional PC hardware and may be used on multiple operating systems, including Windows, Linux, and MacOS X.

In order to provide complete and accurate simulations, GNS3 actually uses the following emulators to run the very same operating systems as in real networks:

  • Dynamips, the well-known Cisco IOS emulator.
  • VirtualBox, which runs desktop and server operating systems as well as Juniper JunOS.
  • Qemu, a generic open-source machine emulator, which runs Cisco ASA, PIX and IPS.

Categories: Network, Tech, Uncategorized

Your browser knows all your secrets

August 27, 2013

Great article:

I got to wondering one day how difficult it would be to find the crypto keys used by my browser and a web server for TLS sessions. I figured it would involve a memory dump, volatility, trial and error and maybe a little bit of luck. So I started looking around and like so many things in life… all you have to do is ask. Really. Just ask your browser to give you the secrets and it will! As icing on the cake, Wireshark will read in those secrets and decrypt the data for you.
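The mechanism the article is describing is the NSS key log: browsers built on NSS or BoringSSL write one line per TLS secret to the file named by the SSLKEYLOGFILE environment variable, and Wireshark reads that same file. The parser below is an added example, not code from the article or from any browser; it validates the format's own rules (known labels, a 32-byte client random, an even-length hex secret) and summarises how many sessions a given file exposes, which is what a defender wants to know when such a file turns up on a host. The sample text is constructed for the example.

```python
"""Parse and sanity-check an NSS-format TLS key log file.

Added example: the "ask your browser" mechanism is the NSS key log, written
when SSLKEYLOGFILE points at a file.  Wireshark reads the same format.
"""
import re
from collections import Counter

# Labels defined by the NSS key log format.  TLS 1.2 sessions produce a single
# CLIENT_RANDOM line; TLS 1.3 sessions produce one line per traffic secret.
KNOWN_LABELS = {
    "CLIENT_RANDOM",
    "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET",
    "EARLY_EXPORTER_MASTER_SECRET",
}

LINE_RE = re.compile(
    r"^(?P<label>[A-Z_0-9]+) (?P<client_random>[0-9a-fA-F]+) (?P<secret>[0-9a-fA-F]+)$"
)


def parse_keylog(text):
    """Return (entries, problems).

    entries:  list of {label, client_random, secret_len} for well-formed lines.
    problems: list of (line_no, reason) for lines that do not fit the format.
    Blank lines and '#' comments are skipped, as Wireshark skips them.
    """
    entries, problems = [], []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append((no, "malformed line"))
            continue
        label = m.group("label")
        if label not in KNOWN_LABELS:
            problems.append((no, f"unknown label {label}"))
            continue
        if len(m.group("client_random")) != 64:  # ClientHello.random is 32 bytes
            problems.append((no, "client random is not 32 bytes"))
            continue
        if len(m.group("secret")) % 2:
            problems.append((no, "secret has odd hex length"))
            continue
        entries.append({
            "label": label,
            "client_random": m.group("client_random").lower(),
            "secret_len": len(m.group("secret")) // 2,
        })
    return entries, problems


def sessions_exposed(entries):
    """Return (number of distinct sessions by client random, lines per label)."""
    randoms = {e["client_random"] for e in entries}
    return len(randoms), Counter(e["label"] for e in entries)


# Constructed sample: one TLS 1.2 session, one TLS 1.3 session, two bad lines.
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "dd" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "ee" * 32,
    "CLIENT_RANDOM " + "33" * 16 + " " + "ff" * 48,   # client random too short
    "MASTER_KEY deadbeef cafe",                        # not a key-log label
])

if __name__ == "__main__":
    found, bad = parse_keylog(SAMPLE)
    count, per_label = sessions_exposed(found)
    print(f"{count} sessions exposed; labels: {dict(per_label)}")
    for no, why in bad:
        print(f"line {no}: {why}")
```

Point it at a real file with `parse_keylog(open(path).read())`; a non-empty result on a production host means the TLS sessions listed were recoverable to anyone who could read that file.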

Categories: Network, Tech

ostinato: Packet/Traffic Generator and Analyzer

April 23, 2013

Ostinato is an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates.

Ostinato aims to be "Wireshark in Reverse" and become complementary to Wireshark.

Here is a video demonstrating its usage.

Categories: Network, Tech

KARMETASPLOIT, Pwning the Air!

April 22, 2013

I’ve used this software before during penetration tests, and it can be a very valuable tool in your toolbox.

Wireless networks have become very common in today’s world; people are used to being connected to wireless networks in offices, at home, in coffee shops, etc.

In order to make connecting to a wireless network easier, most operating systems remember the networks they previously connected to (usually stored in a Preferred Networks List) and send continuous probes looking for these networks. Once a network is found, the system automatically connects to it.

If more than one of the probed networks is found, it connects to the network with the highest signal strength (though this can vary with the operating system used). Since these clients send continuous probes, anyone within radio range can listen passively and see the networks the client is probing for.

Because of the vulnerabilities in the implementation of the algorithms for connecting to previous networks, it is possible for an attacker to set up a custom station (Access point) and have the victim connect to it. Once the victim is connected to the Fake AP the attacker has IP-level connectivity to the victim and can launch a bunch of attacks against the victim.

Dino Dai Zovi and Shane Macaulay, two security researchers, wrote a set of wireless security tools as a proof of concept for this vulnerability and called it Karma.

It was later integrated with Metasploit and called Karmetasploit, so when a victim connects to the fake AP, Karmetasploit launches all the suitable attacks available in the Metasploit framework against the victim. Karmetasploit also implements various evil services like DNS, POP3, FTP, SMB, etc. and responds to the client’s requests for these services. That way, we can also capture passwords and other credentials.
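The behaviour described above has a clear signature in a wireless capture: a Karma-style access point answers whatever network name any nearby client probes for, so one BSSID ends up claiming many unrelated SSIDs, including names that other stations asked about. The detection below is an added example, not part of the post and not code from Karma or Metasploit; it runs over constructed management-frame summaries (frame type, transmitter address, SSID), and the record layout, function names and threshold are this example's own assumptions.

```python
"""Flag an access point that responds to every probed SSID (Karma signature).

Added example.  The frame summaries are constructed, not from a real capture;
in practice they would come from a monitor-mode capture reduced to
(frame type, transmitter MAC, SSID) tuples.
"""
from collections import defaultdict

# Constructed 802.11 management-frame summaries: (frame type, transmitter, SSID).
FRAMES = [
    ("probe_req",  "aa:aa:aa:aa:aa:01", "HomeWifi"),
    ("probe_req",  "aa:aa:aa:aa:aa:01", "CoffeeShop"),
    ("probe_req",  "aa:aa:aa:aa:aa:01", "CorpGuest"),
    ("probe_resp", "00:11:22:33:44:55", "HomeWifi"),    # legitimate AP, one SSID
    ("probe_resp", "de:ad:be:ef:00:01", "HomeWifi"),    # one radio answers all three
    ("probe_resp", "de:ad:be:ef:00:01", "CoffeeShop"),
    ("probe_resp", "de:ad:be:ef:00:01", "CorpGuest"),
    ("probe_req",  "aa:aa:aa:aa:aa:02", "Airport_Free"),
    ("probe_resp", "de:ad:be:ef:00:01", "Airport_Free"),  # and another station's name
]


def ssids_per_bssid(frames):
    """Map each responding BSSID to the set of SSIDs it has claimed."""
    seen = defaultdict(set)
    for ftype, addr, ssid in frames:
        if ftype == "probe_resp":
            seen[addr].add(ssid)
    return seen


def flag_karma_aps(frames, threshold=3):
    """Return {bssid: sorted SSIDs} for responders claiming >= threshold SSIDs.

    threshold is a tuning knob: multi-SSID APs are normal, but one radio
    answering every name that clients probe for is the Karma pattern.
    """
    return {b: sorted(s) for b, s in ssids_per_bssid(frames).items()
            if len(s) >= threshold}


def probes_answered_by(frames, bssid):
    """Which stations probed for names that the given BSSID answered.

    Useful for scoping an incident: these are the clients that may have
    associated with the rogue AP.
    """
    answered = ssids_per_bssid(frames).get(bssid, set())
    stations = defaultdict(set)
    for ftype, addr, ssid in frames:
        if ftype == "probe_req" and ssid in answered:
            stations[addr].add(ssid)
    return {s: sorted(v) for s, v in stations.items()}


if __name__ == "__main__":
    for bssid, ssids in flag_karma_aps(FRAMES).items():
        print(f"suspect AP {bssid} claims {len(ssids)} SSIDs: {ssids}")
        print("stations at risk:", probes_answered_by(FRAMES, bssid))
```

On a real capture, the legitimate single-SSID AP and ordinary multi-SSID enterprise APs stay under the threshold, while a responder that echoes back names from several different stations' Preferred Network Lists is the one to investigate.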

Categories: Linux, Network, Tech

SSL Certificate Authorities – How They Are Used (and Abused)

April 21, 2013

Great article that simply explains how Certificate Authorities work, and how they can be subverted.

Categories: Network, Tech

Videos from the NEOisf Meetings

April 20, 2013

Great infosec presentations from the Northeast Ohio Information Security Forum.

Categories: Disassembly, Linux, Network, Tech

NSA “Defending Against Compromised Certificates”

April 18, 2013

This PDF is a great two-page synopsis from the National Security Agency about how to defend against compromised digital certificates.

A digital certificate is a signed, trusted document issued to a company or individual by a trusted certificate authority (CA). Digital certificates are commonly used by web servers to demonstrate their authenticity to web browsers.

Trustworthiness in a digital certificate depends on both the confidentiality of the private key for the particular certificate, as well as confidence that the CA who issued the certificate would issue it to only authentic parties. When that trust is broken, it becomes necessary to revoke trust in a certificate or in a certificate authority.

This guidance provides IT personnel with actionable information to defend against compromised CA and web site certificates, which could permit a malicious web server to impersonate the genuine one. Each operating system (OS) and browser may use different mechanisms to check and revoke trust in a certificate. Some use a Certificate Revocation List (CRL), while others use the Online Certificate Status Protocol (OCSP).

Still others rely entirely on the issuance of software updates, whose prompt application remains fundamentally important. Variety also exists in how browsers handle certificate validation. Some query the OS certificate store, while others use their own certificate store and thus must be configured separately. Finally, note that some sites may become inaccessible when enforcing strict revocation checking.
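To make the CRL half of that guidance concrete, here is an added example (not from the NSA document) of the checks a CRL-based client has to perform before it can act on a revocation list: that the CRL was issued by the certificate's issuer, that its signature verifies under the issuer's key, that it is not past its next-update time, and only then whether the certificate's serial is listed. It uses the third-party `cryptography` library to build a throwaway CA, a leaf certificate and a CRL entirely in memory; the CA name, helper names and the status strings are this example's own.

```python
"""Check a certificate against its issuer's CRL (added example).

Everything here is generated in memory with the `cryptography` package; no
real CA, certificate or CRL is involved.
"""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = datetime.timezone.utc


def utc_now(offset_hours=0):
    """Current UTC time, optionally shifted, for building and checking dates."""
    return datetime.datetime.now(UTC) + datetime.timedelta(hours=offset_hours)


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_ca(cn="Example Test CA"):
    """Self-signed CA (hypothetical name) with a fresh P-256 key."""
    key = ec.generate_private_key(ec.SECP256R1())
    cert = (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(_name(cn))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(utc_now(-24)).not_valid_after(utc_now(24 * 365))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def issue_leaf(ca_key, ca_cert, cn):
    """End-entity certificate signed by the CA above."""
    key = ec.generate_private_key(ec.SECP256R1())
    return (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(ca_cert.subject)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(utc_now(-24)).not_valid_after(utc_now(24 * 90))
            .sign(ca_key, hashes.SHA256()))


def build_crl(ca_key, ca_cert, revoked_serials, valid_hours=24):
    """CRL signed by the CA listing the given serial numbers as revoked."""
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(ca_cert.subject)
               .last_update(utc_now())
               .next_update(utc_now(valid_hours)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder()
            .serial_number(serial).revocation_date(utc_now()).build())
    return builder.sign(ca_key, hashes.SHA256())


def crl_status(cert, crl, issuer_cert, now=None):
    """Return 'good', 'revoked', or a reason the CRL cannot be relied on.

    Order matters: an unsigned, stale or foreign CRL must not be consulted at
    all, otherwise an attacker who can serve a CRL can also 'un-revoke'.
    """
    now = now or utc_now()
    if crl.issuer != cert.issuer:
        return "crl-wrong-issuer"
    if not crl.is_signature_valid(issuer_cert.public_key()):
        return "crl-bad-signature"
    # next_update_utc exists in newer cryptography releases; fall back otherwise.
    next_update = getattr(crl, "next_update_utc", None) \
        or crl.next_update.replace(tzinfo=UTC)
    if next_update < now:
        return "crl-stale"
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"
    return "good"


if __name__ == "__main__":
    ca_key, ca_cert = make_ca()
    good = issue_leaf(ca_key, ca_cert, "good.example.test")
    stolen = issue_leaf(ca_key, ca_cert, "stolen.example.test")
    crl = build_crl(ca_key, ca_cert, [stolen.serial_number])
    print("good.example.test:  ", crl_status(good, crl, ca_cert))
    print("stolen.example.test:", crl_status(stolen, crl, ca_cert))
```

The "crl-stale" branch is the one worth noticing against the synopsis's last sentence: a client that hard-fails on a stale or unreachable CRL is the strict revocation checking that can make some sites inaccessible, while one that soft-fails silently loses the protection the CRL was meant to give.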

Categories: Network, Tech

Remotely perform a network capture without installing anything

April 16, 2013

If you need to capture a network trace of a client or server without installing Wireshark or Netmon, this might be helpful for you. (This feature works on Windows 7/2008 R2 and above.)

The short version:

1. Open an elevated command prompt and run: "netsh trace start persistent=yes capture=yes tracefile=c:\temp\nettrace-boot.etl" (make sure you have a \temp directory or choose another location).

2. Reproduce the issue or do a reboot if you are tracing a slow boot scenario.

3. Open an elevated command prompt and run: "netsh trace stop"

Your trace will be stored in c:\temp\nettrace-boot.etl or wherever you saved it. You can view the trace on another machine using Netmon.

Categories: Network, Tech, Windows

Rogue CAs with man in the middle attacks

March 18, 2013

This is a great article describing how an attacker can pose as a valid certificate authority, distribute their root CA to clients, and silently break TLS sessions to read the supposedly secured traffic.
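The attack depends on getting an extra root certificate into the client's trust store, so the matching defensive control is to diff that store against a known-good baseline. The check below is an added example, not code from the linked article: it takes CA records in the dict shape that Python's `ssl.SSLContext.get_ca_certs()` returns and reports both roots that are entirely unknown and roots whose name matches a baseline entry but whose serial does not (a rogue CA issued under a borrowed name). The baseline and the store it is compared with are constructed for the example; only `live_store()` touches the real machine, and it is not used in the checks.

```python
"""Flag root certificates that are not in a known-good baseline (added example).

The two stores below are constructed; the record shape mirrors what
ssl.SSLContext.get_ca_certs() returns so the same function can be pointed at
a real machine via live_store().
"""
import ssl


def _cn(name):
    """Pull commonName out of the nested tuple form ssl uses for X.509 names."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def audit_trust_store(store, baseline):
    """Compare a list of CA dicts against a baseline of {commonName: serialNumber}.

    Returns:
      'unknown'   - (cn, serial) for roots whose CN is not in the baseline
      'lookalike' - (cn, serial, expected_serial) for roots whose CN matches a
                    baseline entry but whose serial differs
    """
    unknown, lookalike = [], []
    for ca in store:
        cn, serial = _cn(ca["subject"]), ca["serialNumber"]
        if cn not in baseline:
            unknown.append((cn, serial))
        elif baseline[cn] != serial:
            lookalike.append((cn, serial, baseline[cn]))
    return {"unknown": unknown, "lookalike": lookalike}


def live_store():
    """Roots the running interpreter trusts (the OS store on most builds)."""
    return ssl.create_default_context().get_ca_certs()


def _root(cn, serial):
    """Build a constructed self-signed root record in ssl's dict layout."""
    name = ((("organizationName", "Example Org"),), (("commonName", cn),))
    return {"subject": name, "issuer": name, "version": 3, "serialNumber": serial}


# Constructed baseline captured from a clean build (hypothetical names/serials).
BASELINE = {"Example Root CA 1": "0A", "Example Root CA 2": "0B"}

# Constructed current store: one clean root, one lookalike, one brand-new root.
STORE = [
    _root("Example Root CA 1", "0A"),
    _root("Example Root CA 2", "FF"),
    _root("Corporate Proxy Root", "01"),
]

if __name__ == "__main__":
    report = audit_trust_store(STORE, BASELINE)
    for cn, serial in report["unknown"]:
        print(f"unknown root: {cn} (serial {serial})")
    for cn, serial, expected in report["lookalike"]:
        print(f"lookalike root: {cn} has serial {serial}, baseline says {expected}")
```

Keying the baseline on serial number rather than name is the point: a rogue root can copy any subject it likes, but it cannot reproduce the genuine root's serial without also holding the genuine key. For a real deployment the baseline would be built from `live_store()` on a clean reference host and compared with `audit_trust_store(live_store(), baseline)` on the hosts being checked.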

You can also download a copy of this as a white paper which is free to distribute at


Categories: Network